Overview

overview

10

Static

static

10

Installer.zip

windows11-21h2-x64

1

Adobe/da.pak

windows11-21h2-x64

3

Launcher S....1.exe

windows11-21h2-x64

7

chrome_100...nt.pak

windows11-21h2-x64

3

chrome_200...nt.pak

windows11-21h2-x64

3

ffmpeg.dll

windows11-21h2-x64

1

resources.pak

windows11-21h2-x64

3

resources/app.asar

windows11-21h2-x64

3

resources/elevate.exe

windows11-21h2-x64

1

d3dcompiler_47.dll

windows11-21h2-x64

1

lib/asm-all.jar

windows11-21h2-x64

7

lib/dn-com...le.jar

windows11-21h2-x64

7

lib/dn-php-sdk.jar

windows11-21h2-x64

7

lib/gson.jar

windows11-21h2-x64

7

lib/jfoenix.jar

windows11-21h2-x64

7

lib/jphp-a...rk.jar

windows11-21h2-x64

7

lib/jphp-core.jar

windows11-21h2-x64

7

lib/jphp-d...xt.jar

windows11-21h2-x64

7

lib/jphp-gui-ext.jar

windows11-21h2-x64

7

lib/jphp-g...xt.jar

windows11-21h2-x64

7

lib/jphp-json-ext.jar

windows11-21h2-x64

7

lib/jphp-j...xt.jar

windows11-21h2-x64

7

lib/jphp-runtime.jar

windows11-21h2-x64

7

lib/jphp-xml-ext.jar

windows11-21h2-x64

7

lib/jphp-zend-ext.jar

windows11-21h2-x64

7

lib/jphp-zip-ext.jar

windows11-21h2-x64

7

lib/jsoup.jar

windows11-21h2-x64

7

lib/slf4j-api.jar

windows11-21h2-x64

7

lib/slf4j-simple.jar

windows11-21h2-x64

7

lib/zt-zip.jar

windows11-21h2-x64

7

libG1LESv2.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02/05/2024, 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/jphp-json-ext.jar

  • Size

    16KB

  • MD5

    fde38932b12fc063451af6613d4470cc

  • SHA1

    bc08c114681a3afc05fb8c0470776c3eae2eefeb

  • SHA256

    9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830

  • SHA512

    0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839

  • SSDEEP

    384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\lib\jphp-json-ext.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    fffa759111ab554d34d879ff95cf153e

    SHA1

    79d299e21b57b4a1918da46e25380562f7b72846

    SHA256

    be8e6f737d02a2e07b538992b954aaa531c9fc9ba355495bfb6eaeb5c55f581f

    SHA512

    7fbd0c53331b624475c518144a646414cf72dfbe0c2b2610e1bcc6e81b4a40e315b9da7b9d37fa962b32d7b466058c6fd71e68d62ef534322606ef7e95bb21d1

    Download Submit

  • memory/2788-2-0x000001FF63330000-0x000001FF635A0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2788-12-0x000001FF61AC0000-0x000001FF61AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2788-13-0x000001FF63330000-0x000001FF635A0000-memory.dmp

    Filesize

    2.4MB

    Download